tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: PROPOSAL/VOTE: JMX hook mechanism
Date Tue, 14 Jan 2003 20:13:11 GMT
Glenn Nielsen wrote:

> I have one general comment.  For security I would like to see two
> different
> MBeanServers used.  One for config management the other for runtime
> monitoring. This way you could implement diffrent access controls for
> config management
> from runtime  monitoring.

That's one concern I have with JMX - there is some protection using 
the Policy ( in JMX1.2 ), but if you don't run the sandbox you're 
on your own.

All JMX implementations seem to support some "interceptors" and we can
try to implement our own add-on scheme ( not sure if Sun RI extensions are
documented or exist - but MX4J and Jboss provide that ). 

I'm afraid using 2 MBeanServers is not the best solution - if we put the
mbean server in the parent loader, I'm pretty sure user code will be able 
to get it ( if it wants to ). And the code can become very complicated. 

You know my opinion on this - if you don't run the sandbox, user code can 
control the VM without problems ( with some JNI code - or introspection,
or by overriding files ). If you run sandbox - the JMX1.2 policy-based 
access control should be good enough.


> Glenn
> Costin Manolache wrote:
>> Remy Maucherat wrote:
>>>This looks fine. Do I get some sample code before voting, so I can see
>>>the thing in action ?
>> I'm working on converting Jk to Listeners.
>> I want to first check in some changes to enable the "what is each thread
>> doing" feature - but that would add the dependency to JMX.
>> Time for a branch...
>> Should I do the changes in a branch, or branch the current stable code
>> and make changes in HEAD ?
>>>>I posted some more notes on my weblog ( which I just started few days
>>>>ago ), and I'll update it with more details.
>>>>( I'm just getting started with the blogging :-).
>>>Arg, you fell for blogging ! ;-P
>>>I'm not going to (although I do enjoy reading blogs): discussions should
>>>stay on the mailing lists, which do have centralized archives. If lists
>>>get more quiet because of blogging, then it's good (less emails to read
>>>every day :-D ).
>> I have a feeling the blogging is already affecting the lists. And it
>> certainly helps organize yourself - that was the main argument for me.
>> Are other tomcat developers blogging ? Should we keep a list - maybe in
>> wiki ?
>> It would be nice to be able to take all blogs about tomcat and feed them
>> into the list ( I have a category for tocmat and one for ant - but I
>> don't know too much about blogging yet ).
>> Costin
>> --
>> To unsubscribe, e-mail:  
>> <> For additional
>> commands, e-mail: <>

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message